Johan F2 wrote:
We are using eap-tls for authetication assisted with a database for filling
in some attributes.
FreeRADIUS Version 2.1.3 with minimal configuration will do a sql lookup for
each round.
(Four selects: radcheck, radusergroup, radgroupcheck and radgroupreply).
There are 6-9 rounds depending on certificate chain sizes.
Obviously performance would be better with only one database lookup.
Part of the (attempted) configuration:
authorize {
preprocess
eap
if (I have tried some conditions here) {
The default FR 2.0 config has:
authorize {
eap {
ok = return
}
}
...which will do what you want. As always, mangling the default config
without understanding why it does what it does is a bad idea.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html